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COURSE DESCRIPTION 

Basics of Information Technology security. Students are introduced to the goals of 
IT security, common threats and countermeasures including firewalls, SSL 
technologies and IP Masquerading. Several operating environments will be studied 
as examples. This course will also include a section on computer ethics. 
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COURSE CURRICULUM 



I. Course Learning Requirements/Embedded Knowledge and Skills 



Course Learning Requirements 


Knowledge and Skills 


i o earn creuu ior mis course, you musi 
reliably demonstrate your ability to: 




1 . Identify modern network security 

thfp ate 


Analyze and describe network threats 

L/CaLllUC 1111 LI gu. LIU 11 LCdllllLJ UC3 

Describe basic security strategies on a network 


2. Conduct vulnerability assessments 


Conduct packet-level analysis, protocol and traffic analysis 
Describe front-end collection systems and how they are 
used for network traffic collection, filtering and selection 

lx/Tot** nptwnrl'c '^ r~\ t \ rprrp^tp t~\ r*t\ \ ? s w\s tnt^r\l a<tipc 
IVlaU llCLWtJlK?> dlKl iCCiCclLC 11CLWU11V LUUUlUglCs 

Use network analysis tools to identify vulnerabilities 


3. Given the security needs of an 

pntprnfi gp cvp'A^p c\ nH i mnlpmpnt a 
C11LCI JJI1?>C, LICaLC ill 11.1 1111U1C111C11L a 

comprehensive security policy 


Describe the secure network lifecycle 

Pctnnlicn a r*omnt*p npti ci \?p cpr*iiT*it\/ nnlifv tr\ mppt trip 
LfSLdUllSll a CUlllLJlCllCllM VC SCCLLllLy JJUllL-y Lv J 111CCL L11C 

security needs of a given enterprise 


4. Implement appropriate measures to 
secure network devices 


Configure secure administrative access and router 
resiliency 

i rvfiTi tTiifP pfitnmsrKi £nitnor"i7iit"ir\Ti ncintr nt*i^7ilpcrp 1p\?p1c 
V^UllllgUlC CUlllllldllU dULIlUllXdllUIl Ll&lllii JJllvllCiiC 1CVC15 

and role-based access control 

Configure network devices for monitoring 


5. Implement Firewall Technologies 


Explain the importance of firewalls 

Configure network devices to implement a firewall 

Implement perimeter security 


6. Implement Intrusion Prevention 


Describe the advantages and disadvantages of Intrusion 
Prevention and Detection Systems 
Deploy IDS/IPS systems in a network 
- Analyze IDS/IPS logs 


7. Implement Virtual Private Networks 


Describe cryptographic methods for implementing data 

confidentiality and integrity 

Describe the purpose and operation of VPN types 

Implement Site-to-Site IPSec VPNs 

Configure and verify a remote access VPN 



II. Learning Resources 

Recommended Textbook: Implementing Cisco IOS Network Security (IINS) Foundation Learning Guide 
Second Edition, Cisco Press, ISBN 978-1587142727 
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III. Teaching/Learning Methods 

The course consists of 3 hours of lectures and 2 hours of lab per week. It is anticipated that you will need to 
spend an additional 3 hours per week, on average, of your own time for assignments and study. 

During this course you are likely to experience: 

Lectures: 

Lectures will present the theoretical material of the course. 

Students are expected to attend all of the lectures. Students are encouraged to ask questions during lectures and 
to consult with the professors on topics, which they do not clearly understand. Professors will inform students, 
at the beginning of the course, of suitable times for consultations. 

Labs: 

Students are expected to perform initial analysis and design before their scheduled lab, in order to take 
advantage of the limited lab time. Laboratory assignments will be closely integrated with the lecture material. 
The students' ability to successfully complete the assigned exercises will directly correlate with their level of 
success on tests and the final exam. Students are expected to attend all the labs. 

IV. Learning Activities 

Samples of learning activities include: 

- classroom lectures 

- laboratory work 

- practical and reading assignments 

- research of course-related material 

- student presentations 
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V. Course Content 



Week 


Lecture 
Date 


Description 


Reference 


1 


TBD 


Intro to Security 

Course Introduction 
Basic Security Concepts 
Defence-In-Depth principles 


Paquet, Chapter 1 . 


2 


TBD 


Security Controls 

Types of Security Controls 
Security Policy Basics 


Paquet, Chapter 1 

From Badware to Malware (2010) 


3 


TBD 


Vulnerability Analysis 

Port scanning 

Vulnerability scanning 

Packet, protocol and traffic analysis 


Paquet, Chapter 1 

Tactical Exploitation (2011) 




Date 


Description 


Reference 


4 


TBD 


Front-End Collection 

Front-end collection systems 

Network traffic collection, filtering and selection 


Jacob Applebaum: To Protect And Infect, Part 2 
(2013) 


5 


TBD 


Operational Security 

Basics of Operational Security 
Business Continuity Planning 


Paquet, Chapter 2 

"Shifting Focus: Aligning Security with Risk 
Management" (2008) 


6 


TBD 


Securing Network Devices 

Configuring secure router access 
Privilege levels and RBAC 


Paquet, Chapter 3 


7 


TBD 


Securing Network Devices 

Logging and Monitoring 
Automated IOS security features 


Paquet, Chapter 4 


8 


TBD 


Network Security 

Protecting Edge Devices 
DMZ Concepts 
Firewall Concepts 


Paquet, Chapter 8, 9, 10 


9 


TBD 


Network Security 

Intrusion Detection (IDS) technologies 
Intrusion Prevention (IPS) technologies 

Midterm test, worth 25% of term mark 


Paquet, Chapter 1 1 


Study Break 


10 


TBD 


Cryptography 

History of cryptography 

Symmetric and asymmetric encryption 

Hashes and digital signatures 


Paquet, Chapter 12 


11 


TBD 


Cryptography 

Diffie-Hellman 

Public Key Infrastructure 


Paquet, Chapter 1 3 

Theory and Practice of Cryptography (2007) 


12 


TBD 


Virtual Private Networks 

VPN Types 
IPsec VPNs 


Paquet, Chapter 14 

Before, During, and After Public-Key 
Cryptography (2007) 


13 


TBD 


Virtual Private Networks 

Site-to-site VPNs 
Remote access VPNs 


Paquet, Chapter 1 5 


15 


TBD 


Final Exam worth 30% of term mark 
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VI. Evaluation/Earning Credit 

The following will provide evidence of your learning achievement: 

Assessment of student learning will be done by means of class tests, 4-5 quizzes, final exam, labs and 
assignments. 

All laboratory assignments must be successfully completed in order to obtain course credit. Late assignments 
will be penalized and receive a mark of zero, but they must still be completed. Any missed evaluation points 
will result in a grade of "0". In the case of a documented emergency the professor, in consultation with the 
Chair, will determine how the marks will be made up and/or final grade adjusted. 

The Information and Communications Technology Department requires that all course 
assignments (homework exercises, laboratory work, projects, etc) be submitted by students 
using a standard which could be specific to one or more courses. Professors will ensure, 
at the beginning of the term, that students are advised of the exact details of these 
course specific submission requirements. Professors will also post them online alongside 
the course outline. Student submissions that do not meet the course published submission 
standards may not be marked, and may incur a penalty of up to 100% of the submission mark. 

The factors in the final grade are: 



In order to pass the course, the student must have a grade of at least 50% or "D-" on tests, quizzes and final 
exam combined (items 4 and 5), as well as on the lab exercises component (items 1, 2 and 3). 

From items 3, 4 and 5 (tests, quizzes and exams) representing 60% of the final grade, each student must earn at 
least a 30% attribution. Students not meeting this criterion will receive a grade of "F". Labs and assignments 
(items 1 and 2) will be included in the final grade only for students satisfying this condition. 

All students are required to write the final exam. If, as a result of being off-track in your program, you note that 
there is a scheduling conflict in your final exam schedule, it is your responsibility to alert your course professor 
no later than one week before the start of the final exam period, to allow for any special arrangements. For any 
other situations resulting in a student not writing their final exam, the normal Carleton University rules for 
missed final exams will apply. See 

http://calendar.carleton.ca/undergrad/regulations/academicrequlationsoftheuniversity/acadreqsuniv2/#2.5 for details 
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1. Assignments 

2. Labs 

3. Practical Exam 

4. Class Test and Quizzes 

5. Final Examination 



15% 

25% 
5% 
25% 
30% 



CLR 1,2,3,4,5,6,7 
CLR 1,2,3,4,5,6,7 
CLR 1,2,3,4,5,6,7 
CLR 1,2,3,4,5,6,7 
CLR 1,2,3,4,5,6,7 
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VII. Related Information 

Retention of course material. It is your responsibility to retain copies of all assignments, labs and mid-term 
tests (returned from the professor), and any other evaluations and pertinent records (except for final exams, 
which are not returned) in case you become involved in an appeal hearing at a later date. 

It is also your responsibility to retain course outlines for possible future use to support applications for transfer 
of credit to other educational institutions. 

College email account. Algonquin College provides all full-time students with an email account. This is the 
address that will be used when the College, your professors, or your fellow students communicate important 
information about your program or course events. It is your responsibility to ensure that you know how to send 
and receive email using your Algonquin College account, and check it regularly. 

Harassment/Discrimination/Violence will not be tolerated. Any form of harassment (sexual, racial, gender or 
disability-related), discrimination (direct or indirect), or violence, whether involving a professor or amongst 
students, will not be tolerated on the college premises. Action taken will start with a formal warning and 
proceed to the full disciplinary actions as outlined in Algonquin College Policy AA24. 

Harassment means one or a series of vexatious comment(s) (whether done verbally or through electronic 
means), or conduct related to one or more of the prohibited grounds that is known or ought reasonably to be 
known to be unwelcome/unwanted, offensive, intimidating, derogatory or hostile. 

This may include, but is not limited to: gestures, remarks, jokes, taunting, innuendo, display of offensive 
materials, offensive graffiti, threats, verbal or physical assault, stalking, slurs, shunning or exclusion related to 
the prohibited grounds. 

Bachelor of Information Technology students are bound by the "Academic Regulations of the University - 
Student Conduct", "15. Offences of Conduct: Discrimination and Harassment" detailed within Carleton 
University's Undergraduate Calendar, and online at: 
http://www.carleton.ca/cuuc/regulations/acadregsunivl5.html 

The School of Advanced Technology's Standard Operating Procedure on Plagiarism and Academic 
Honesty defines plagiarism as an attempt to use or pass off as one's own idea or product, work of another 
without giving credit. Plagiarism has occurred in instances where a student either directly copies another 
person's work without acknowledgement; or, closely paraphrases the equivalent of a short paragraph or more 
without acknowledgement; or, borrows, without acknowledgement, any ideas in a clear and recognizable form 
in such a way as to present them as one's own thought, where such ideas, if they were the student's own would 
contribute to the merit of his or her own work. 

Plagiarism is one of the most serious academic offences a student can commit. 

Bachelor of Information Technology students are bound by the "Academic Regulations of the University - 
Student Conduct", "14. Instructional Offences" detailed within Carleton University's Undergraduate Calendar, 
and online at: http://www.carleton.ca/cuuc/regulations/acadregsunivl4.html 
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Violation of the Copyright Act. 

General - The Copyright Act makes it an offence to reproduce or distribute, in whatever format, any 
part of a publication without the prior written permission of the publisher. For complete details, see the 
Government of Canada website at http://laws.iustice.gc.ca/en/C-42 . Make sure you give it due 
consideration, before deciding not to purchase a textbook or material required for your course. 

Software Piracy. The Copyright Act has been updated to include software products. Be sure to 
carefully read the licensing agreement of any product you purchase or download, and understand the 
term and conditions covering its use, installation and distribution (where applicable). Any infringement 
of licensing agreement makes you liable under the law. 

The Use of Electronic Devices during classes, other than those sanctioned by the course professor is strictly 
prohibited. In particular, cell phones are not to be used to communicate during a class. The use of any 
electronic devices during exams and mid-term tests, other than those sanctioned by the faculty in charge of the 
examination is strictly prohibited. 

In accordance with College Policy AA32, any unauthorized use of a prohibited device will be considered 
plagiarism, and be dealt with as such. In these cases, Bachelor of Information Technology students would be 
bound by the "Academic Regulations of the University - Student Conduct", "14. Instructional Offences" 
detailed within Carleton University's Undergraduate Calendar, and online at: 
http://www.carleton.ca/cuuc/regulations/acadregsunivl4.html 

Disruptive Behaviour is any conduct, or threatened conduct, that is disruptive to the learning process or that 
interferes with the well being of other members of the College community. It will not be tolerated. 

Members of the College community, both students and staff, have the right to learn and work in a secure and 
productive environment. The College will make every effort to protect that right. 

Incidents of disruptive behaviour must be reported in writing to the departmental Chair as quickly as possible. 
The Chair will hold a hearing to review available information and determine any sanctions that will be imposed. 
Disciplinary hearings can result in penalties ranging from a written warning to expulsion. 

Students with Disabilities, requiring academic accommodations in this course are encouraged to contact a 
coordinator at the Paul Menton Centre for Students with Disabilities to complete the necessary letters of 
accommodation. After registering with the PMC, make an appointment to meet and discuss your needs with me 
at least two weeks prior to the first in-class test or instructional television midterm exam. This is necessary in 
order to ensure sufficient time to make the necessary arrangements. Please note the deadline for submitting 
completed forms to the Paul Menton Centre as published in Carleton University's "Academic Year" calendar. 

Challenge for Credit 

Challenge for credit is a Carleton University policy that enables students to obtain undergraduate academic 
credit for any learning and experience gained through work and related professional development. It is not 
intended to overlap in scope with transfer of credits or admission with advanced standing. 

For full details, see Carleton University's Undergraduate Calendar, "Academic Regulations of the University", 
Section 1.9, also available online at: http://www.carleton.ca/cuuc/regulations/acadregsunivl.html#1.9 
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For this course, candidates will provide evidence of their learning achievement through the successful 
completion of: 

A challenge exam with a breadth of coverage and level of difficulty equivalent to the final examination 
in the course; plus, 

A hands-on or practical component to demonstrate the achievement of the requisite applied knowledge 
and skills. 



Eligibility for Deferred Examination 

Only students who have achieved satisfactory performance during the term will be eligible for a deferred 
examination. In accordance with the factors determining the final grade in section VI above, satisfactory 
performance leading to the final exam is defined as the student having achieved 50% in all aspects of the course 
marking scheme (save the final exam), be they grouped (e.g. practical component, lab component, theory 
component, etc) or individually listed. 

Students who have failed the course on the basis of inadequate term course work will receive a grade of FND - 
failure with no deferred final examination allowed. 



© Algonquin College 



8 of 8 



NET3007 



